Wisconsin Advanced Technology Advocates, Inc.

Creative Protection

Disclaimer

Our web site contains information only and is not intended to create or solicit an attorney-client relationship. Although we welcome your questions and comments, contacting us from this web site does not create an attorney-client relationship. Information you may choose to disclose is not privileged or confidential. Nothing on our web site constitutes "legal advice." If you think you may need legal advice, we urge you to consult a lawyer to discuss your unique circumstances.

Computerworld - In a somewhat startling decision, the U.S. Court of Appeals for the Ninth Circuit last week ruled that several employees at an executive recruitment firm did not exceed their authorized access to their company's database when they logged into the system and stole confidential data from it.

In a 22-page ruling, the appellate court held that an employee with valid access to corporate data cannot be held liable under the federal Computer Fraud and Abuse Act (CFAA) if they then misuse or misappropriate the data.

"The CFAA expressly prohibits improper 'access' of computer information," chief judge Alex Kozinski wrote in the court's majority opinion. "It does not prohibit misuse or misappropriation," he wrote. The term "exceed authorized access" under the CFAA applies specifically to external hackers and violations of "restrictions on access to information, and not restrictions on its use," Kozinski held.

The appellate court's decision affirms a previous ruling made by the U.S. District Court for the Northern District of California. The government must now decide if it wants to take the case all the way to the U.S. Supreme Court.